Category: malware

So I have done a few write ups on the prevalence of malicious crypto-mining on servers. These previous write ups have mostly focused on Monero (XMR) as this has been the currency of choice do to the ease of mining due to

So, not to over hype, but everyone these days is excited about the idea of file-less malware to bypass traditional anti-malware techniques. I ran into a case last week in which I saw some techniques that evaded my traditional methods for locating

Today we get the first write-up I’ve done for an unknown malware variant. I have observed this particular malware twice in the wild, the first time I simply stopped it and cleaned up the mess, but after seeing it a second time

Here’s part 2. of the Holiday minerware write ups, you can check out part 1 here. So lets dig in to Case 2. Alert method: Load on the server This case was first reported as a load investigation on a web

Hello, and happy holidays! I have a few binaries to unwrap for you today. These are 2 separate incidents from the prior week of some more miners in the wild. First up we have Case 1. Alert method: Hacked site and

So this post is a follow up to the first in this series. In the first post I went over the data on attacks in the wild focusing on prevalence and motivations, this post is more of a focus on technical indicators

So in my day to day work I come across many servers that have been compromised. Far and away the majority of these compromises use either phishing or spam as their monetization method. In the past year or two crypto ransomware has

So many malware today is now distributed by phishing sites and malicious sites. Many of these are tracked by various outfits and they offer a great resource in the form of threat feeds. One of my favorite methods to take advantage of

So last night I gave my talk at the Lansing MiSec meetup and released the hacked VM for you to practice your skills and web shell detection an perform IR on this server. I plan to do a full writeup when time